07062006 0543 GMT-6
$player_data = array();
// Whitelist of POST keys; each one is also a column name in Players
$search_terms = array('fname', 'lname', 'address', 'city', 'state', 'zip',
                      'phhome', 'phcell', 'phwork', 'email');
foreach ($search_terms as $search_term) {
    if (array_key_exists($search_term, $_POST)) {
        if (!empty($_POST[$search_term])) {
            $player_data[$search_term] = $_POST[$search_term];
        }
    }
}
// implode() joins the names and values with commas and leaves no trailing
// comma after the last item, which would make the INSERT invalid SQL.
$query = "INSERT INTO Players(" . implode(',', array_keys($player_data)) . ")";
// String values need single quotes to be valid SQL; note they are still
// taken straight from $_POST with no escaping.
$query .= " VALUES ('" . implode("','", array_values($player_data)) . "')";
On Wed, 2006-07-05 at 20:43 -0500, Mike Brandonisio wrote:
>
> Also are you doing any cleanup or escaping on the POST data before
> INSERTING it into your DB? You should escape each post.
>
> /** Prevent SQL injections */
> function quote_smart($value)
> {
>     // Stripslashes
>     if (get_magic_quotes_gpc()) {
>         $value = stripslashes($value);
>     }
>     // Escape if not a number or a numeric string
>     if (!is_numeric($value)) {
>         $value = mysql_real_escape_string($value);
>     }
>     return $value;
> }
>
> You would use this like this:
>
> $query .= "'" . quote_smart($_POST['phhome']) . "'";
>
> for each POST variable.
>
> Sincerely,
> Mike
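Mike's quote_smart() depends on the mysql extension and on magic quotes, both of which were removed from later PHP releases; the following is an added example, not code from the thread, that builds the same whitelisted-column INSERT as a PDO prepared statement so request values are never spliced into the SQL text. It assumes PHP 7.4 or later and a PDO connection $pdo (hypothetical) to the database holding the Players table.

```php
<?php
// Added example, not code from the thread. Same whitelist-driven INSERT as
// the original post, but built as a PDO prepared statement: column names
// come only from the $allowed list and every value is bound to a ? marker.

function build_player_insert(array $post, array $allowed): array
{
    // Keep only whitelisted keys with a non-empty value. A value of "0" is
    // kept here, whereas the original !empty() check would have dropped it.
    $player_data = [];
    foreach ($allowed as $col) {
        if (isset($post[$col]) && $post[$col] !== '') {
            $player_data[$col] = $post[$col];
        }
    }
    if ($player_data === []) {
        throw new InvalidArgumentException('no insertable fields in request');
    }
    // Safe to interpolate: $cols is derived from $allowed, not from the request.
    $cols  = implode(', ', array_map(fn ($c) => "`$c`", array_keys($player_data)));
    $marks = implode(', ', array_fill(0, count($player_data), '?'));
    $sql   = "INSERT INTO Players ($cols) VALUES ($marks)";
    return [$sql, array_values($player_data)];
}

function insert_player(PDO $pdo, array $post): int
{
    $allowed = ['fname', 'lname', 'address', 'city', 'state', 'zip',
                'phhome', 'phcell', 'phwork', 'email'];
    [$sql, $params] = build_player_insert($post, $allowed);
    // Native server-side prepares: values travel separately from the SQL
    // text, so quoting or escaping the data is never the application's job.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed sample request (no database needed for this part). The lname
// value contains a quote that would have broken, or altered, the original
// string-concatenated query; here it is just bound data. The unlisted
// "junk" key is ignored because it is not in the whitelist.
$sample = ['fname' => 'Mike', 'lname' => "O'Brien", 'zip' => '60601', 'junk' => 'ignored'];
[$sql, $params] = build_player_insert(
    $sample, ['fname', 'lname', 'address', 'city', 'state', 'zip',
              'phhome', 'phcell', 'phwork', 'email']);
echo $sql, "\n";
print_r($params);
// With a live connection ($pdo hypothetical): insert_player($pdo, $_POST);
```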